Files and Permissions for Internet Information Server (IIS)
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
This appendix lists the detailed, minimum file permission settings that must be in place for FrontPage to perform as designed. Any reference to shtml.dll, author.dll, or admin.dll applies equally to their CGI counterparts: shtml.exe, author.exe, and admin.exe on IIS 1.x servers. FrontPage only edits ACLs, it never affects the permissions of any accounts not listed below on any files.
File Permissions Assigned by "Check Installation"
The FrontPage 98 Server Administrator (fpsrvwin.exe) has a "Check and Fix" button that can correct problems in NTFS permissions. The following is list of files shows the minimum permissions required for FrontPage. This feature will set the file permissions to those listed below but will not correct:
Incorrect permission on data (e.g. HTML files)
Permissions on the root of the content drive
Permissions that are too lenient
Permissions on sub-webs
Windows NT directory
\WINNT\frontpg.ini
INTERACTIVE |
Read (R) |
NETWORK |
Read (R) |
\WINNT\system\fp30utl.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system\fp30txt.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system\fp30wel.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system32\infoadmn.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system32\mfc42.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system32\msvcirt.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system32\msvcrt.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system32\netapi32.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system32\netrap.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system32\rpcltc1.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system32\samlib.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\WINNT\system32\wsock32.dll
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
Microsoft FrontPage Installation Directory
The FrontPage installation directory defaults to C:\Program Files\Microsoft FrontPage, but the directory can be changed by the user during the installation process.
\Microsoft FrontPage\version3.0\servsupp\
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\Microsoft FrontPage\version3.0\servsupp\fp30msft.dll
INTERACTIVE |
Read (RX) |
NETWORK |
Read (RX) |
\Microsoft FrontPage\version3.0\servsupp\servers.cnf
INTERACTIVE |
Special Access (R) |
NETWORK |
Special Access (R) |
\Microsoft FrontPage\version3.0\bin\
INTERACTIVE |
List (RX)(Not Specified) |
NETWORK |
List (RX)(Not Specified) |
\Microsoft FrontPage\version3.0\bin\fp30vss.dll
INTERACTIVE |
Read (RX) |
NETWORK |
Read (RX) |
\Microsoft FrontPage\version3.0\bin\fpext*.msg
These files are only present for multi-language support, and are not normally present in an English installation of the FrontPage Server Extensions.
INTERACTIVE |
Read (RX) |
NETWORK |
Read (RX) |
\Microsoft FrontPage\version3.0\isapi\
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\shtml.dll
INTERACTIVE |
Read (RX) |
NETWORK |
Read (RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_adm\
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_adm\admin.dll
INTERACTIVE |
Read (RX) |
NETWORK |
Read (RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_aut\
INTERACTIVE |
Read (RX)(RX) |
NETWORK |
Read (RX)(RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_aut\author.dll
INTERACTIVE |
Read (RX) |
NETWORK |
Read (RX) |
\Microsoft FrontPage\version3.0\temp\
INTERACTIVE |
Special Access (RWX)(RWX) |
NETWORK |
Special Access (RWX)(RWX) |
\Microsoft FrontPage\version3.0\temp\frontpg.lck
INTERACTIVE |
Special Access (RW) |
NETWORK |
Special Access (RW) |
Web Content Area
"Check Installation" on an existing FrontPage web will only affect the following files and directories in the web content root area - it will not make any adjustment to NTFS permissions in FrontPage sub webs unless the "tighten permissions" option is chosen. The minimum level of permissions required in FrontPage sub-webs will be set during the "tighten permissions" option. In addition to the permissions listed below, browsers will need READ permissions to shtml.dll, authors will need READ permissions to author.dll, and administrators will need READ permissions to admin.dll. This listing assumes a web content area of \inetpub\wwwroot.
\inetpub
All directories enclosing the content root will grant LIST permissions to these accounts.
INTERACTIVE |
List (RX)(Not Specified) |
NETWORK |
List (RX)(Not Specified) |
\inetpub\wwwroot
INTERACTIVE |
List (RX)(Not Specified) |
NETWORK |
List (RX)(Not Specified) |
\inetpub\wwwroot\_vti_pvt
INTERACTIVE |
Special Access (RWXD)(RWD) |
NETWORK |
Special Access (RWXD)(RWD) |
\inetpub\wwwroot\_vti_pvt\botinfs.cnf
INTERACTIVE |
Special Access (R) |
NETWORK |
Special Access (R) |
\inetpub\wwwroot\_vti_pvt\bots.cnf
INTERACTIVE |
Special Access (R) |
NETWORK |
Special Access (R) |
\inetpub\wwwroot\_vti_pvt\services.cnf
INTERACTIVE |
Special Access (R) |
NETWORK |
Special Access (R) |
\VSS\win32\ssapi.dll
This file's security settings are modified only if Visual SourceSafe 5 is installed.
INTERACTIVE |
(RX) |
NETWORK |
(RX) |
\VSS\win32\ss xx .dll
This file's security settings are modified only if Visual SourceSafe 5 is installed. The xx value is the country code, and ssus.dll is the default if no other country code is present.
INTERACTIVE |
(RX) |
NETWORK |
(RX) |
Additional File Permissions Assigned by Installation
The following list is of additional file permissions assigned when FrontPage is installed. Add the following list to the list above for the complete picture of the effect of FrontPage installation on the server. This list assumes that the built in Windows NT groups "Administrators" and "SYSTEM" already have full control over the entire drive, and that the IUSR_<hostname> account is granted READ access to the web content before FrontPage is installed.
FrontPage will assume any account with READ access to the web content will need continued access after installation. Such accounts will become end users of the web content. IUSR_<hostname> is only granted access in the list below if it had access to the files at installation time. You can substitute "all user accounts with read access to the web content" in place of IUSR_<hostname>. Regardless of what level access these accounts were assigned prior to installation, they will be normalized to the access levels described below by the installation process.
FrontPage will assign "Administrators" and "SYSTEM" full control everywhere.
The installing account is explicitly given Admin rights throughout the content area even though they are already an admin. You must be a Windows NT Administrator to successfully run the FrontPage Server Administrator.
Microsoft FrontPage Installation Directory
The FrontPage installation directory defaults to C:\Program Files\Microsoft FrontPage, but the directory can be changed by the user during the installation process.
\Microsoft FrontPage\temp\_x_todo.htm
INTERACTIVE |
Special Access (RWX) |
NETWORK |
Special Access (RWX) |
Web Content Area
\inetpub\wwwroot\
IUSR_<host_name> |
Special Access (RWXD) (RWD) |
The Installing Account |
Special Access (RWXD) (RWD) |
All Browseable Content
IUSR_<host_name> |
Special Access (RX)(R) |
The Installing Account |
Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_vti_log\
IUSR_<host_name> |
Special Access (RWXD) (RWD) |
The Installing Account |
Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_vti_pvt\
IUSR_<host_name> |
Special Access (RWXD) (RWD) |
The Installing Account |
Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_vti_pvt\access.cnf
IUSR_<host_name> |
Special Access (RWD) |
The Installing Account |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\doctodep.btr
IUSR_<host_name> |
Special Access (RWD) |
The Installing Account |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\deptodoc.btr
IUSR_<host_name> |
Special Access (RWD) |
The Installing Account |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\linkinfo.cnf
IUSR_<host_name> |
Special Access (RWD) |
The Installing Account |
Special Access (RWD) |
INTERACTIVE |
Special Access (RWD) |
NETWORK |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\service.cnf
IUSR_<host_name> |
Special Access (RWD) |
The Installing Account |
Special Access (RWD) |
INTERACTIVE |
Special Access (RWD) |
NETWORK |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\services.org
IUSR_<host_name> |
Special Access (RWD) |
The Installing Account |
Special Access (RWD) |
INTERACTIVE |
Special Access (RWD) |
NETWORK |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\structure.cnf
IUSR_<host_name> |
Special Access (RWD) |
The Installing Account |
Special Access (RWD) |
INTERACTIVE |
Special Access (R) |
NETWORK |
Special Access (R) |
\inetpub\wwwroot\_vti_pvt\svcacl.cnf
IUSR_<host_name> |
Special Access (RWD) |
The Installing Account |
Special Access (RWD) |
INTERACTIVE |
Special Access (RWD) |
NETWORK |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\uniqperm.cnf
IUSR_<host_name> |
Special Access (RWD) |
The Installing Account |
Special Access (RWD) |
INTERACTIVE |
Special Access (RWD) |
NETWORK |
Special Access (RWD) |
\inetpub\wwwroot\_vti_txt\
IUSR_<host_name> |
Special Access (RWXD) (RWD) |
The Installing Account |
Special Access (RWXD) (RWD) |
INTERACTIVE |
Special Access (RWXD) (Not Specified) |
NETWORK |
Special Access (RWXD) (Not Specified) |
\inetpub\wwwroot\_vti_bin\
IUSR_<host_name> |
Read (RX)(RX) |
The Installing Account |
Read (RX)(RX) |
INTERACTIVE |
List (RX) (Not Specified) |
NETWORK |
List (RX) (Not Specified) |
\inetpub\wwwroot\_vti_bin\shtml.dll
IUSR_<host_name> |
Read (RX) |
The Installing Account |
Read (RX) |
\inetpub\wwwroot\_vti_bin\_vti_aut\
The Installing Account |
Read (RX)(RX) |
\inetpub\wwwroot\_vti_bin\_vti_aut\author.dll
The Installing Account |
Read (RX) |
\inetpub\wwwroot\_vti_bin\_vti_adm\
The Installing Account |
Read (RX)(RX) |
\inetpub\wwwroot\_vti_bin\_vti_adm\admin.dll
The Installing Account |
Read (RX) |
\inetpub\wwwroot\_vti_bot\
The Installing Account |
Read (RX) |
NETWORK |
Special Access (RX) (RX) |
INTERACTIVE |
Special Access (RX) (RX) |
\inetpub\wwwroot\_vti_cnf\
IUSR_<host_name> |
Special Access (RX) (R) |
The Installing Account |
Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_private\
IUSR_<host_name> |
Special Access (RX) (R) |
The Installing Account |
Special Access (RWXD) (RWD) |
.gif "Cc750047.spacer(en-us,TechNet.10).gif")